Bug 1576062
Summary: | glibc-static appears to be compiled with the -pic option | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tom Horsley <horsley1953> |
Component: | glibc | Assignee: | Carlos O'Donell <codonell> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 28 | CC: | aoliva, arjun.is, codonell, dj, fweimer, horsley1953, law, mfabian, pfrankli, rth, siddhesh |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-05-09 08:26:52 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tom Horsley
2018-05-08 17:04:47 UTC
These relocations are needed for static PIE support. I think the link editor performs relaxation, and most of these relocations go away if you don't produce a static PIE binary. Does this address your concern? Thanks. Now I'm just wondering why static PIE is a thing. If you want the (probably spurious) security of a PIE executable why on earth would you link static at all? My concern is that I have my own "linker" to link patch code into programs I'm debugging and never had to deal with pic-style relocations before. I suppose I can teach it how to handle them, but it is a pain in the patoot :-). I don't suppose there is an "ld -r" option I could use to transform the pic relocations but still leave me with a relocatable .o file? (In reply to Tom Horsley from comment #2) > Now I'm just wondering why static PIE is a thing. If you want the (probably > spurious) security of a PIE executable why on earth would you link static at > all? There are many reasons for static linking (easier deployment, bootstrapping issues, performance), and PIE is required by most security hardening policies. Since you use a custom linker, you will either have to recompile glibc without static PIE support, or implement all the required relocations in your linker. |